
Summary
This detection rule identifies phishing attempts that impersonate communications from the Chrome Web Store. It targets fraudulent messages that mimic legitimate security alerts or policy acceptance requests related to Chrome extensions. The rule analyzes several parameters, including the sender's email domain and specific patterns in the email content, to detect characteristics associated with these impersonation tactics. It triggers when an email comes from specific domains known to be used for such attacks, or when its content exhibits telltale signs such as specific phrases relating to Chrome Web Store policies or suspicious links. To avoid false positives, it excludes messages from actual Google support by verifying the sender's domain and DMARC authentication status.
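The logic described above, sketched in Python as an added example; it is not the rule's own source. The lookalike domains, the phrase pattern, the use of `google.com` as the trusted sender domain, and the reading of "suspicious link" as a link outside that domain are all assumptions, since the page does not list the rule's real indicators.

```python
import re
from collections import namedtuple
from email.utils import parseaddr

# Constructed placeholders: the page does not list the rule's real indicators.
LOOKALIKE_SENDER_DOMAINS = {"chromewebstore-support.example", "cws-policy.example"}
TRUSTED_DOMAIN = "google.com"  # assumption: domain of genuine Google support mail
POLICY_RE = re.compile(r"chrome web store.{0,120}?polic(?:y|ies)"
                       r"|polic(?:y|ies).{0,120}?chrome web store", re.I | re.S)
LINK_RE = re.compile(r"https?://([^/\s\"'<>]+)", re.I)
# dmarc holds the DMARC verdict taken from the Authentication-Results header.
Message = namedtuple("Message", "from_header dmarc subject body")

def under(host, domain):
    return host == domain or host.endswith("." + domain)

def sender_domain(msg):
    return parseaddr(msg.from_header)[1].rsplit("@", 1)[-1].lower()

def is_authentic_google(msg):
    # Both checks are required: a google.com From header alone is spoofable.
    return under(sender_domain(msg), TRUSTED_DOMAIN) and msg.dmarc.lower() == "pass"

def off_domain_links(msg):
    # Drop userinfo and port so "google.com@host" resolves to the real host.
    hosts = {a.rsplit("@", 1)[-1].split(":")[0].lower() for a in LINK_RE.findall(msg.body)}
    return sorted(h for h in hosts if not under(h, TRUSTED_DOMAIN))

def evaluate(msg):
    """Return the signals that matched; an empty list means no alert."""
    if is_authentic_google(msg):
        return []
    signals = []
    if sender_domain(msg) in LOOKALIKE_SENDER_DOMAINS:
        signals.append("sender_domain")
    if POLICY_RE.search(msg.subject + "\n" + msg.body):
        signals.append("policy_phrase")
        if off_domain_links(msg):  # assumption: what "suspicious link" means here
            signals.append("off_domain_link")
    return signals

# Constructed sample messages.
PHISH = Message("Chrome Web Store <noreply@chromewebstore-support.example>", "pass",
                "Accept the updated Chrome Web Store policies", "https://cws-policy.example/accept")
SPOOF = Message("support@google.com", "fail", "Chrome Web Store policy violation",
                "Review now: https://google.com@login.cws-policy.example/review")
GENUINE = Message("support@google.com", "pass", "Chrome Web Store policy update",
                  "Details: https://chromewebstore.google.com/")
```

`SPOOF` shows why the exclusion needs both conditions: the From header claims `google.com`, but the DMARC failure keeps the message in scope and the content signals still fire.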
Categories
- Web
- Cloud
- Identity Management
Data Sources
- User Account
- Web Credential
Created: 2025-01-15